HAX CMS Stored XSS via Sanitizer Bypass (CVE-2026-48527) TheHackerWire / 6h CVE-2026-48527 identifies a high-severity (CVSS 8.7) stored cross-site scripting (XSS) vulnerability affecting HAX CMS, which supports both PHP and NodeJs backends. An attacker, having obtained authenticated access and page editing permissions, would craft a malicious input containing an event handler attribute. - ThreatCluster

HAX CMS Stored XSS via Sanitizer Bypass (CVE-2026-48527) TheHackerWire / 6h CVE-2026-48527 identifies a high-severity (CVSS 8.7) stored cross-site scripting (XSS) vulnerability affecting HAX CMS, which supports both PHP and NodeJs backends. An attacker, having obtained authenticated access and page editing permissions, would craft a malicious input containing an event handler attribute.

Source: www.thehackerwire.com

Published:

Read original article